A vulnerability, which was classified as critical, has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection.

This vulnerability appears as CVE-2026-15033. The attack may be initiated remotely. There is no available exploit.

The project was informed of the problem early through an issue report but has not responded yet.